[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Incompatibilities between 2.1 ldapsearch and 2.3 servers?

To: Quanah Gibson-Mount <quanah@stanford.edu>
Subject: Re: Incompatibilities between 2.1 ldapsearch and 2.3 servers?
From: Howard Chu <hyc@symas.com>
Date: Mon, 17 Jul 2006 10:41:08 -0700
Cc: openldap-devel@OpenLDAP.org
In-reply-to: <EC5E018F41CF5B6BE906BA06@SW-90-717-287-3.stanford.edu>
References: <EC5E018F41CF5B6BE906BA06@SW-90-717-287-3.stanford.edu>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060716 SeaMonkey/1.5a

Quanah Gibson-Mount wrote:

I thought that the "ldapsearch" binary from any given release should work with a server running a different release, but this does not appear to be the case. Our 2.3.24 Linux servers cannot be searched with a 2.1.25 ldapsearch binary if there are a lot of results. What we get is:
ldap_result: Can't contact LDAP server (81)
If I use a 2.3 series ldapsearch binary, the search completes without problem. The ldap server seems to think that the 2.1 binary issued an UNBIND request:

No, the ldapsearch binary *does* issue an Unbind request once it gets the error 81. Most likely this is a SASL buffering bug that was fixed after 2.1.25.

Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 fd=376 ACCEPT from IP= 171.67.16.82:48070 (IP=0.0.0.0:389) Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=0 SRCH base="" scope =0 deref=0 filter="(objectClass=*)" Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=0 SRCH attr= supportedSASLMechanisms Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=0 SEARCH RESULT tag= 101 err=0 nentries=1 text= Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=1 BIND dn="" method=163 Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=1 RESULT tag=97 err= 14 text= Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=2 BIND dn="" method=163 Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=2 RESULT tag=97 err= 14 text= Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=3 BIND dn="" method=163 Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=3 BIND authcid= "service/registryauditor@stanford.edu" authzid="service/ registryauditor@stanford.edu" Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=3 BIND dn="cn= registrydataauditor,cn=service,cn=applications,dc=stanford,dc= edu" mech=GSSAPI ssf=56 Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=3 RESULT tag=97 err= 0 text= Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=4 SRCH base="dc= stanford,dc=edu" scope=2 deref=0 filter="(suPrivilegeGroup=stanford: staff)" Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=4 SRCH attr=suregid Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 op=5 UNBIND Jul 17 09:58:14 ldap1 slapd[16672]: conn=27534 fd=376 closed
Thoughts?


--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/

Follow-Ups:
- Re: Incompatibilities between 2.1 ldapsearch and 2.3 servers?
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

References:
- Incompatibilities between 2.1 ldapsearch and 2.3 servers?
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Incompatibilities between 2.1 ldapsearch and 2.3 servers?
Next by Date: Re: Incompatibilities between 2.1 ldapsearch and 2.3 servers?
Index(es):
- Chronological
- Thread